MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0182db6c14d559c187954e88fbae9157b1b90c8edd6720c74cad8523f7117809. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 0182db6c14d559c187954e88fbae9157b1b90c8edd6720c74cad8523f7117809
SHA3-384 hash: b3ae40e685ab5a1e89988fd17674aeaaed3012881c8186ee546c61390a9ed50c2a625e7f8b6897447834fbe0fa3dce3e
SHA1 hash: 3f2570f1a8f34c89b1f1367b41a7971ab6720833
MD5 hash: 88d4f79ba178767c268c272a18f43b4e
humanhash: july-five-sweet-spaghetti
File name: Solicitud de cotización.exe
Signature: AgentTesla
File size: 439'808 bytes
First seen: 2020-06-29 18:00:47 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep: 12288:brlyKjTunqNNtqbUM+oXvrqlpjTnSUO1L:XAK3ugqbUvGTqvnSUOl
TLSH: AD940128771C3EBFCB3C16FD1181A50007B895A57587F7DA4DC231E828D6FE49A42AA7
Reporter: @abuse_ch
Tags: AgentTesla exe


Twitter
@abuse_ch
Malspam distributing AgentTesla:

HELO: mx04.host-services.com
Sending IP: 94.126.169.24
From: <geral@ascensotecnica.com>
Subject: Solicitud de cotización
Attachment: Solicitud de cotización.zip (contains "Solicitud de cotización.exe")

AgentTesla SMTP exfil server:
smtp.pharco--corp.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 31
Origin country: US

Mail intelligence
Geo location: Global
Volume: Low

Vendor Threat Intelligence
Detection: AgentTeslaV2
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-06-29 16:11:26 UTC
AV detection: 25 of 31 (80.65%)
Threat level: 5/5

Result
Malware family: agenttesla
Score: 10/10
Tags: spyware keylogger trojan stealer family:agenttesla
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetThreadContext
Reads user/profile data of web browsers
Reads user/profile data of local email clients
Reads data files stored by FTP clients
AgentTesla

Yara Signatures


Rule name: Agenttesla_type2
Author: JPCERT/CC Incident Response Group
Description: detect Agenttesla in memory
Reference: internal research

Rule name: CAP_HookExKeylogger
Author: Brian C. Bell -- @biebsmalwareguy
Reference: https://github.com/DFIRnotes/rules/blob/master/CAP_HookExKeylogger.yar

Rule name: win_agent_tesla_w1
Author: govcert_ch
Description: Detect Agent Tesla based on common .NET code sequences

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Dropped by: MD5 736955fa04742b937cb766ddaa82ac35
Delivery method: Distributed via e-mail attachment